Author: Jakob Hirsch Date: To: Nigel Wade CC: Exim users list Subject: Re: [exim] Setup for authenticated submission
Nigel Wade wrote:
> I'm in the process of deciding how to configure our mail server to provide
> client submission (port 587, and possibly 465). I'm looking for general
> tips, and do's and dont's for its configuration. The purpose is to allow
> authenticated client submission over SSL from the Internet. We are not
> able to allow port 25 submission, hence the requirement to setup port
> 587/465.
It depends on your requirements.
I have only one rule: You have to AUTH before you can submit. I have also
disabled AUTH on port 25, but that's optional.
> I'm currently leaning towards the idea of a separate Exim process handle
> mail submission, and for this to relay the mail to the main Exim process
I don't see why you should do that. It complicates things unnecessarily.
But that, again, depends on your requirements.
I also saw somebody having port 587 in tls_on_connect, which I think is a
bad idea. While RFC 2476 does not explicitly specify it, all installations
I know of use STARTTLS.